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postage security device and a meter server 



(57) A method is provided for establishing mutual 
authentication and secure communications between a 
microprocessor-based transaction evidencing device 
( 1 00) and a microprocessor-based server ( 1 20) coupled 
thereto. A session key Kg is generated at the transaction 
evidencing device (100) and encrypted with a first key 
to form a first message. The first message is sent to 
the server (120) and decrypted using a second key Kg. 
In response to the first message a second message Is 



generated at the server (120) and encrypted using the 
session key Kg. The encrypted second message is sent 
to the transaction evidencing device (100) and decrypt- 
ed using the session key Kg. A response to the second 
message is generated at the transaction evidencing de- 
vice (1 00) and is signed using a third key K3. The signed 
response is encrypted with the session key Kg and 
transmitted to the server (120). The encrypted signed 
response is decrypted using the session key Ks and the 
signature is verified using a fourth key K4. 
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Description 

The present invention relates generally to a system 
and method for communications within a postage evi- 
dencing system and. more particularly, to the security of 
such communications. 

The Information-Based Indicia Program (IBIP) is a 
distributed trusted system proposed by the United 
States Postal Service (USPS). The IBIP is expected to 
support new methods of applying postage in addition to, 
and eventually in lieu of. the current approach, which 
typically relies on a postage meter to mechanically print 
indicia on mailpieces. The IBIP requires printing large, 
high density, two dimensional (2-D) bar codes on mail- 
pieces. The Postal Service expects the IBIP to provide 
cost-effective assurance of postage payment for each 
mailpiece processed. 

The USPS has published draft specifications for the 
IBIP The INFORMATION BASED INDICIA PROGRAM 
(IBIP) INDICIUM SPECIFICATION, dated June 13. 
1996. defines the proposed requirements for a new in- 
dicium that will be applied to mail being processed using 
the IBIP The INFORMATION BASED INDICIA PRO- 
GRAM POSTAL SECURITY DEVICE SPECIFICATION, 
dated June 13. 1996, defines the proposed require- 
ments for a Postal Security Device (PSD) that will pro- 
vide security services to support the creation of a new 
"information based" postage postmark or indicium that 
will be applied to mail being processed using the IBIP 
The INFORMATION BASED INDICIA PROGRAM 
HOST SYSTEM SPECIFICATION, dated October 9, 
1 996, defines the proposed requ irements for a host sys- 
tem element of the IBIR The specifications are collec- 
tively referred to herein as the "IBIP Specifications". The 
IBIP includes interfacing user (customer), postal and 
vendor infrastructures which are the system elements 
of the program. 

The user infrastructure, which resides at the user's 
site, comprises a postage security device (PSD) cou- 
pled to a host system. The PSD is a secure processor- 
based accounting device that dispenses and accounts 
for postal value stored therein. The host system (Host) 
may be a personal computer (PC) ora meter-based host 
processor. 

tt is expected that once the IBIP is launched, the 
volume of meters will increase significantly when the 
PC-based meters are introduced. Such volume in- 
crease is expected in the small office and home office 
(SOHO) market. 

The IBIP Specifications address and resolve issues 
which minimize if not eliminate USPS risks regarding se- 
curity and fraud. However, the IBIP Specifications do not 
address all of the risks that will be assumed by meter 
users in the IBIP There are more risks for meter users 
in the IBIP than in conventional metering systems be- 
cause communications between the user infrastructure 
and the postal and vendor infrastructures contain much 
more user information than in such conventional meter- 



ing systems. 

Under conventional postage evidencing infrastruc- 
ture, communications have been point to point, with lim- 
ited, meter specific information transmitted to and from 

5 conventional meters. Under the IBIP, postage metering 
is evolving in a manner consistent with new communi- 
cations technology, such as networked computer sys- 
tems, internet, cellular communications and the like. Un- 
der the IBIP, communications between user infrastruc- 

^0 ture, i.e. the Host and PSD, and the IBIP infrastructure 
will include user confidential information, such as credit 
card numbers and addresses. It will be understood that 
communications over a network, the internet or a cellu- 
lar system are more susceptible to interception and tam- 

f5 pering by an attacker than conventional point to point 
communications that have heretofore been used with 
postage metering systems. An attacker could intercept 
user data as it is transmitted, masquerade as the user 
or gain sensitive user information. Therefore , the cus- 

20 lomer is at risk by using such new types of communica- 
tions. 

It is known to perform a mutual authentication of a 
vendor and user communications for the purpose of pro- 
tecting vendor and user information. For example, Se- 

25 cure Sockets Layer (SSL), as proposed by Netscape 
Communications, is a proposed standard for the achiev- 
ing such authentication. SSL, which is used on the in- 
ternet and other communication systems, authenticates 
the vendor/server to the user and optionally the user to 

30 the vendor/server. However. SSL requires a trusted third 
party, such as a certificate authority, to certify the identity 
of the users and their associated keys. 

The present invention provides a system and meth- 
od for mutual authentication between the user and ven- 

35 dor which minimizes, if not eliminates, risk to both the 
vendor and the user, but which does not require a trust- 
ed third party. The present invention is suitable for use 
with non-point-to-point communication systems, such 
as networked, internet, cellular and the like. 

40 It has been found that the expected volume of new 
PC-meters will require a new server, referred to herein 
as a meter server or SOHO server, thai will interface 
with existing postage evidencing infrastructure. The SO- 
HO server will handle all communications between the 

45 PC-meters and the infrastructure. 

The present invention provides a method to mutu- 
ally authenticate a meter server, which is also referred 
to herein as a SOHO server, and a PSD. In addition, 
through the use of a session key the present invention 

so provides a method of insuring the privacy of data sent 
between the SOHO server and the PSD. Although such 
mutual authentication is not required or suggested in the 
proposed USPS specifications, it has boon found that 
such mutual authentication minimizes the risks of the 

55 PC-meter users as well as the USPS. 

In accordance with the present invention, the Host 
creates a unique session key. This session key is en- 
crypted so only the SOHO server, as part of a new IBIP 
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infrastructure, can decrypt it. Once the session key has 
been established, the PSD will send through the Host a 
signed audit response to the SOHO server. Once the 
session key has been established, the session key will 
be used to encrypt all communications between the two. s 

The present invention provides a method for estab- 
lishing mutual authentication and secure communica- 
tions between an microprocessor-based transaction ev- 
idencing device and a microprocessor-based server 
coupled thereto. A session key Ks is generated at the io 
transaction evidencing device and encrypted with a first 
key Ki to form a first message. The first message is sent 
to the server and decrypted using a second key Kg. In 
response to the first message a second message is gen- 
erated at the server and encrypted using the session 
key Ks. The encrypted second message is sent to the 
transaction evidencing device and decrypted using the 
session key Kg. A response to the second message is 
generated at the transaction evidencing device and is 
signed using a third key Ka. The signed response Is en- 20 
crypted with the session key K3 and transmitted to the 
server. The encrypted signed response is decrypted us- 
ing the session key Kg and the signature is verified using 
a fourth key K4 . 

The above and other objects and advantages of the 25 
present invention will be apparent upon consideration 
of the following detailed description, taken in conjunc- 
tion with accompanying drawings, in which like refer- 
ence characters refer to like parts throughout, and in 
which: 30 

Fig. 1 is a schematic block diagram of a remote me- 
ter recharging system in accordance with an em- 
bodiment of the present invention; and 
Figs. 2a - 2c are flow charts of the mutual authenti- 35 
cation perfomned in accordance with an embodi- 
ment of the present invention. 

In describing an embodiment of the present inven- 
tion, reference is made to the drawings, wherein there 40 
is seen in Fig. 1 , a schematic block diagram of a postage 
evidencing system which includes a system and method 
for mutual authentication in accordance with an embod- 
iment of the present invention. The postage evidencing 
part of the system, generally designated 1 00. comprises -*5 
a postal security device (PSD) 112 coupled to a host 
system 1 1 4, which may be a conventional computer sys- 
tem or a postage meter The PSD 11 2 is a secure proc- 
essor-based accounting device that dispenses and ac- 
counts for postal value stored therein. The Host 114 is so 
conventionally connected to a remote fVleter Server 1 20 
which establishes on-line connections to several other 
computer systems, such as a Key IVlanagcment System 
(KMS) 130 and a Vendor Data Center 140. The Key 
Management System 130 securely generates, manag- ss 
es and distributes cryptographic keys and handles ob- 
taining meter certificates. When a new PSD 112 is put 
in service the Key Management System 130. encrypts* 



a PSD key K3. This encrypted key is sent to the SOHO 
server 140 where it is stored in an encrypted database 
145. The key may later be used to process PSD refills 
and audits. The key management system 130 makes 
the necessary keys available to the Meter Server 120 
so it can process meter refills and audits. 

During man ufacturing initialization of a PSD 1 1 2 the 
Key Management System 1 30 provides a secret key K3 
to the PSD 112. The secret key may be unique to the 
PSD, or, preferably, is a key from a "1000 Key System." 
as described in European Patent Application Serial No. 
97 1 1 9056.6, filed October 31 . 1 997, and European Pat- 
ent Publication No. 0647924, October 5.1994, both as- 
signed to the assignee of the instant application. The 
secret key which is stored in an encrypted format in the 
KMS database, is loaded from the secure KMS system 
in a manner similar to that described in European Patent 
Publication No. 0735722, and assigned to the assignee 
of the instant application. 

The SOHO Server adds additional (unctions neces- 
sary to allow current data center infrastructure to sup- 
port PC Meters. Such functions fall into three categories; 
provide secure, industrial strength connectivity with PC 
Meter clients to process real time meter related trans- 
actions; provide security functions for message encryp- 
tion, decryption, signature creation and signature verifi- 
cation; and provide processing for the new types of di- 
alogs required to remotely manage PSD's. To achieve 
these goals the SOHO Server establishes on-line con- 
nections to several other computer systems within the 
current data center infrastructure. 

The Key Management System includes a server 
that distributes keys and handles obtaining meter certif- 
icates. This Key Management System server acts as a 
server and provides a full time, on-line link for commu- 
nication with the PC Meter Server When a new meter 
is put in service the KMS gives the necessary keys to 
the SOHO Server so it can process meter refills and au- 
dits. When a meter is first put in service, moved to a new 
finance number, or needs to have its certificate renewed 
the KMS. upon request from the SOHO Server, gets a 
new certificate from the Certificate Authority and sends 
it to the SOHO Server where it is stored for subsequent 
downloading to the PC Meter Host. 

Since the SOHO Server 120 is not secure enough 
to be trusted with secret or private keys, all secret PSD 
keys are encrypted by the Key Management System 
130 with a key K^fj^Q known only the key management 
system 130 before they are sent to the SOHO Server 
120- (Private, keys are discarded immediately after 
downloading to the PSD 112). Separate secure boxes 
are used by the key management system 1 30 to secure 
keys. (See European Patent Publicatbn No. 0735722, 
previously noted, for a description of such secure box- 
es.) When the SOHO Server 1 20 needs to use a key it 
reads it from the database 145, where it resides in an 
encrypted form, and sends it to the key management 
system 1 30. The key nnanagement system 1 30 decrypts 
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the keys with key K^^MS known only to itself, and then 
uses the key Ki^tAS perlorm the requested function. 
Innnnediately after performing the requested function, 
the key K^ms is discarded, i.e.. the unencrypted version 
of the key is erased after it is used but an encrypted s 
version remains in the database 145 for later use. With 
this approach there will be no private or secret keys in 
clear form on the SOHO Server 120. 

Referring now to Fig. 2a through 2c, the process in 
accordance with the present invention is described. At io 
step 200, the Host 114 calls the SOHO sen/er 120 which 
generates, at step 202. a session key Kg to be used for 
this session. Session key Ks is a secret key , preferably 
a triple DES key. or a RSA RC2 or RSA RC4 key. In the 
preferred embodiment, at step 204. the Host 114 is 
prompts the user for user identification information, such 
as user name and password, which is entered into the 
Host at step 206. At step 208, the Host 1 1 4 encrypts the 
session key Kg with the vendor's public key, which is 
preferably stored in the PSD 112, and combines the en- 
crypted session key with the user identification informa- 
tion to form an encrypted message that the Host 114 
transmits, at step 210, to the SOHO server 120. It will 
be understood that, in an alternate embodiment, the 
vendor public key may be stored in the Host 1 1 4. At stop 25 
212, the SOHO server 1 20 transmits the encrypted mes- 
sage to the Key Management System 130 which then, 
at step 214. decrypts the encrypted message with the 
vendor's private key and returns the decrypted message 
and session key K3 to the SOHO server 120. At step 30 
216, the SOHO server 120 verifies the user identification 
information. If the user information is not verified at step 
218. an error signal is sent to the host at step 220. At 
step 222, the SOHO server 120 encrypts a sign-on re- 
sponse using the session key Kg and transmits it to the 35 
Host 1 1 4. At step 224. the Host 1 1 4 decrypts and verifies 
the sign-on response using the session key Kg. If the 
message is successfully decrypted, SOHO server 120 
is authenticated, i.e.. the Host 114 is assured that it is 
communicating with the expected SOHO server 1 20. At 40 
this point all communications between the SOHO server 
120 and the Host 114 are thereafter encrypted using 
session key Kg. \i the Host does not verify the sign-on 
response, an error signal is transmitted to the SOHO 
server. 45 

At step 228. the Host 114 transmits an Audit Re- 
quest message to the PSD 112. At step 230. the PSD 
112 generates an Audit Response message and signs 
the Audit Response message, at step 232 using the 
PSD secret key K3. At step 234. the PSD sends the so 
signed audit response to the Host 114. The Host en- 
crypts the Audit Response message with the session 
key Kg. at stop 236, and then transmits the encrypted 
message to the SOHO server 120. At step 240, the SO- 
HO server 120 decrypts the message with the session ss 
key Kg and looks up the encrypted PSD secret key K4 
in database 145. At step 242. the SOHO server 120 
transmits the key and signed audit data to the key man- 



agement system 130, along with an encrypted version 
of the PSD secret key K4 retrieved from the database 
145. The key management system 130 then decrypts 
the encrypted PSD secret key K4, at step 244, and ver- 
ifies the signature, at step 246, using the key K4 When 
the signature is verified, the key management system 
1 30 acknowledges signature verification to SOHO serv- 
er 120. At his point, the SOHO server 120 is assured 
that it is communicating with the expected PSD 112. If 
the signature is not verified, an error signal is sent to the 
SOHO server. 

At the successful completion of this process both 
the PSD and the SOHO server have been authenticat- 
ed, the user has been authenticated based upon the us- 
er identification information, and a session key has been 
established to protect the privacy of the data (e.g. credit 
card and address information) sent between the server 
and the Host. 

The present invention has been described for a pre- 
ferred embodiment relating to PC meters. It will be un- 
derstood by those skilled in the art that the present in- 
vention is also suitable for use transaction evidencing 
in general, such as for monetary transactions, item 
transactions and information transactions. 

While the present invention has been disclosed and 
described with reference to a single embodiment there- 
of, it will be apparent, as noted above, that variations 
and modifications may be made therein. For example, 
a single secret key could be used in place of public/pri- 
vate key pairs K^/Kg and K3/K4. Furthermore, it will be 
understood that the present invention is suitable for mu- 
tual authentication of any communication system in 
which it is desired to protect both parties to the commu- 
nication. It is, thus, intended in the following claims to 
cover each variation and modification that falls vyithin 
the true spirit and scope of the present invention. 

Claims 

1. A method for establishing mutual authentication 
and secure communications between a microproc- 
essor-based transaction evidencing device (100) 
and a microprocessor-based server (120) coupled 
thereto, the method comprising the steps of: 

generating a session key Kg at the transaction 
evidencing device (100); encrypting said ses- 
sion key Kg with a first key to form a first 
message; transmitting said first message to the 
server (120); 

decrypting the first message using a second 
key Kg; 

generating in response to the first message a 
second message at the server; 
encrypting said second message using said 
session key Kg; 

transmitting said encrypted second message to 
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the transaction evidencing device (100); 
decrypting said encrypted second message us- 
ing said session key K3; 
generating a response to said second message 
at the transaction evidencing device (100) and s 
signing said response using a third key K3; 
encrypting said signed response with said ses- 
sion key Kg: 

transmitting said encrypted signed response to 
said server (1 20); 10 
decrypting said encrypted signed response us- 
ing said session key Kg; and verifying the sig- 
nature of said signed response using a fourth 
key K4. 

75 

2. The method of Claim 1 wherein the step of decrypt- 
ing the first message using a second key K2 is per- 
formed at a key management system (1 30) opera- 
tively coupled to the, server (1 20). 

20 

3. The method of Claim 1 or 2 wherein the step of ver- 
ifying the signature of sard signed response using 
said fourth key K4 is performed at a key manage- 
ment system (1 30) operatively coupled to the server 

(120). 25 

4. The method of any one of Claims 1 to 3 wherein the 
transaction evidencing device (100) is a PC meter- 
ing system comprising a host computer system 
(114) coupled to a postal security device (112). 30 

5. The method of any one of Claims 1 to 4 wherein 
said first key is identical to said second key. 

6. The method of any one of Claims 1 to 5 wherein 35 
said third key is identical to said fourth key. 

7. An postage evidencing system, comprising: 



8 

said first and third keys, and the other of said 
second and fourth keys is used to verify signa- 
tures of messages that have been signed by 
said PC meter ( 1 00) using the other of said first 
and third keys wherein said mutual authentica- 
tion is completed successful decryption of a 
first message received from said PC meter 
(100) and successful verification of a signature 
on a third message received from said PC me- 
ter (100) in response to an encrypted second 
message sent to said PC meter from said meter 
server (120). 

8. The system of Claim 7 wherein said first message 
includes said session key, said second message is 
a response to said first message encrypted with 
said session key, and said third message is an audit 
response by said postal security device (112). 

9. The system of Claim 7 or 8 wherein said first key is 
identical to said second key 

10. The system of Claim 7, 8 or 9 wherein said third key 
is identical to said fourth key. 
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a PC meter (100), including a host computer 40 
system (114) and a postal security device (112); 
a meter server (1 20) operatively coupled to the 
PC meter (100). wherein said PC meter (100) 
and said meter server (1 20) establish a session 
key for each transaction completed therebe- 45 
tween; 

a data center (140) operatively coupled to the 
postage metering system (100), said data cent- 
er performing certain administrative functions 
following mutual authentication of said PC me- so 
terand said meter server (120); 
a database (145) operatively coupled to said 
meter server (120), said database having 
stored therein second and fourth keys corre- 
sponding to first and third keys stored in said ss 
PC meter (100). wherein one of said second 
and fourth keys is used to decrypt messages 
encrypted by said PC meter (100) using one of 
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